Black Hat USA Brings Focus on Research

Zero-day disclosures, new tools and exploits abound at this year's Black Hat conference in Las Vegas.

Next week, the Caesars Palace hotel in Las Vegas will host the 15th annual gathering of the minds in the world of security known as Black Hat USA.

This year's conference is expected to have some 6,500 attendees and will feature 82 sessions across nine tracks. The show will also include the release of 36 tools, 17 zero-day disclosures and 49 on-stage demonstrations.

"Black Hat has always been a content focused, community led event - an event by researchers, for researchers," said Terry Ford, general manager of the conference. "Part of the draw to Black Hat is the aspirational aspect of the event, the gathering of the masterminds, researchers or hackers."

A number of talks will focus on issues related to privacy, critical infrastructure and mobile security – in particular the security of Apple iOS, which both Apple and numerous security researchers will be discussing at the conference. Researchers from Trustwave are also expected to take a crack at Google's app store for Android by demonstrating how Google's Bouncer security system can be bypassed.

Other topics include HTML5, which Shreeraj Shah, founder of application security vendor Blueinfy Solutions, will discuss in a talk about the top 10 HTML5 security threats.

"HTML5 specifications were exciting and it is making browser thick with features," he told SecurityWeek. "I was tracking XHR (XMLHttpRequest) and other socket level stuff for past few years and HTML5 came up with Web Sockets and XHR level 2 etc. I started exploring CSRF (cross-site request forgery) possibilities, new XSS (cross-site scripting) vectors, clickjacking stuff etc. It was interesting to understand new policies as well like CORS (cross-origin resource sharing) and sandboxing."

For attendees at the C-level, the executive briefing sessions will take place July 24 and bring a focus on enterprise-related content.

"Many of the earliest Black Hat attendees now serve as CSO/CISO types for government, public and private organizations around the globe," Ford said.

"Security research continues to specialize, and security leaders need a bird's eye view of the battleground," he added. "The Executive Briefings provides some guidance on how to deploy their technical counterparts - something like a leadership meeting in the Black Hat Situation Room."

The conference will take place from July 21 to July 26, with the training sessions taking place July 21-24 and the general briefings July 25 and 26.